<?php

class Controller_Account extends Controller
{

	static function actionView ($data) {
		$uid = User::authenticated ();
		if ($uid === false) {
			self::redirect ('account', 'login');
		} else {
			try {
				$user = User::getAuthenticated ();
			} catch (SessionException $e) {
				self::error (ERR_COOKIE_SESSION);
			} catch (Excetion $e) {
				self::error (ERR_READING_ACCOUNT, $e);
				return;
			}
			
			if ($user === false) {
				self::error (ERR_READING_ACCOUNT);
				return;
			}
		}
		View::render ('account', array ('user'=>$user));
		return;
	}
	
	static function actionLogout ($data) {
		session_destroy ();
		View::render ('login', array ('logout'=>true));
		return;
	}

	static function actionLogin ($data) {
		// Save going through all the validation if they're already logged in
		if (User::authenticated () !== false) {
			self::redirect ('account');
			return;
		}
	
		$errors = array ();
		
		$username = (isset ($_POST['username'])) ? $_POST['username'] : '';
		$password = (isset ($_POST['password'])) ? $_POST['password'] : '';

		if (isset ($_POST['login'])) {		
			if ($username == '') {
				$errors['no_username'] = true;
			}

			if ($password == '') {
				$errors['no_password'] = true;
			}

			if (sizeof ($errors) == 0) {
				// Validated basic stuff, now verify the user's credentials
				// Catch any PDO errors thrown by authenticating the user
				try {
					if (!User::login ($_POST['username'], $_POST['password'])) {
						$errors['wrong_credentials'] = true;
					}
				} catch (PDOException $e) {
					$errors['database_error'] = $e->getMessage ();
				}
			}

			// If they're logged in, redirect them to their account page
			if (User::authenticated () !== false) {
				self::redirect ('account');
				return;
			}
		}
		
		View::render ('login', array ('username' => $username, 'password' => $password, 'errors'=>$errors));
		return;
	}

	static function actionCreate ($data) {
		if (User::authenticated () !== false) {
			self::redirect ('account');
			return;
		}

		$errors = array ();
		$username = (isset ($_POST['username'])) ? $_POST['username'] : '';
		$password = (isset ($_POST['password'])) ? $_POST['password'] : '';
		$firstname = (isset ($_POST['firstname'])) ? $_POST['firstname'] : '';
		$lastname = (isset ($_POST['lastname'])) ? $_POST['lastname'] : '';
		$email = (isset ($_POST['email'])) ? $_POST['email'] : '';

		if (isset ($_POST['create'])) {		
			try {
				// $errors is passed back by reference.  Return value is true/false
				User::create ($username, $password, $firstname, $lastname, $email, $private_clear, $errors);
			} catch (PDOException $e) {
				self::error (ERR_NEW_ACCOUNT_FAILED, $e);
				return;
			} catch (EncryptionException $e) {
				self::error (ERR_NEW_ACCOUNT_FAILED, $e);
				return;
			}
				
			if (sizeof ($errors) == 0) {
				if (!User::login ($username, $password)) {
					self::error (ERR_NEW_ACCOUNT_LOGIN_FAILED);
					return;
				}
				View::render ('new_account_created', array ('username'=>$username, 'password'=>$password, 'email'=>$email, 'firstname'=>$firstname, 'lastname'=>$lastname, 'private_clear'=>$private_clear));
				return;
			}
		}

		View::render ('new_account', array ('errors'=>$errors, 'lastname'=>$lastname, 'firstname'=>$firstname, 'email'=>$email, 'password'=>$password, 'username'=>$username));
		return;
	}

}
